Forest Blog
by Forest Blog
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-46033 | Cri | 0.64 | 9.8 | 0.01 | Jan 25, 2022 | In ForestBlog, as of 2021-12-28, File upload can bypass verification. | ||
| CVE-2020-18964 | Hig | 0.57 | 8.8 | 0.01 | May 11, 2021 | Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges. | ||
| CVE-2022-29020 | Med | 0.40 | 6.1 | 0.01 | Apr 16, 2022 | ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar. | ||
| CVE-2021-46034 | Med | 0.40 | 6.1 | 0.01 | Jan 25, 2022 | A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be injected through the nickname input box. | ||
| CVE-2008-5780 | 0.03 | — | 0.03 | Dec 30, 2008 | Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb. |
- risk 0.64cvss 9.8epss 0.01
In ForestBlog, as of 2021-12-28, File upload can bypass verification.
- risk 0.57cvss 8.8epss 0.01
Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges.
- risk 0.40cvss 6.1epss 0.01
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.
- risk 0.40cvss 6.1epss 0.01
A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be injected through the nickname input box.
- CVE-2008-5780Dec 30, 2008risk 0.03cvss —epss 0.03
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.